Is the Locky ransomware getting ready for a massive attack?

Just a few weeks ago, Cisco announced that Locky may be getting ready for a massive ransomware spam campaign after researchers noticed traces of traffic from the hitherto dormant Necurs botnet.

“Locky has been one of the most effective and widespread families of ransomware. At one point during the height of its reign in the ransomware market, Locky was infecting 90,000 victims per day, yielding potentially hundreds of millions of dollars a year”, reads a post published by Cisco.

In recent months, Cisco’s researchers registered a small number of malicious spam campaigns (around one thousand messages), which is very unusual compared with the massive figures they were typically seeing (hundreds of thousands of Locky spam messages). It is very probable that this is a teaser for what is coming, or maybe a test campaign.

Currently there are two types of Locky emails, both carrying attachments that infect the system once opened. Interestingly, one of them, the Double Zipped Locky, also delivers the Kovter Trojan, which continues to operate on the system even after the user pays to have their files decrypted. This is why paying the ransom can be just a waste of money.

Campaign 1 - Double Zipped Locky

Campaign 2 - Rar based Locky

As the Cisco researchers stated: “With both of these campaigns being relatively low volume these could be one offs or indicators of changes to come to the campaigns in the future.”
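A mail-gateway style check for the double-zipped delivery described above, as an added example that is not code from Cisco or from the original post: it parses a message and reports attachments that are a ZIP wrapped inside another ZIP. The function names, the depth and size limits, and the sample message are assumptions constructed for illustration; the RAR campaign is not covered because the Python standard library cannot read RAR archives.

```python
import io
import zipfile
from email import message_from_bytes, policy
from email.message import EmailMessage

MAX_DEPTH = 3                 # assumption: stop descending after three ZIP layers
MAX_MEMBER_BYTES = 5_000_000  # assumption: skip large members to bound unpacking cost

def zip_nesting_depth(data: bytes, depth: int = 1) -> int:
    """Return the number of ZIP layers found in data (0 means not a ZIP)."""
    if not zipfile.is_zipfile(io.BytesIO(data)):
        return 0
    if depth >= MAX_DEPTH:
        return depth
    deepest = depth
    try:
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            for info in zf.infolist():
                # Skip directories, oversized members and encrypted members.
                if info.is_dir() or info.file_size > MAX_MEMBER_BYTES or info.flag_bits & 0x1:
                    continue
                deepest = max(deepest, zip_nesting_depth(zf.read(info), depth + 1))
    except (zipfile.BadZipFile, NotImplementedError):
        pass  # unreadable archive: report the layers confirmed so far
    return deepest

def flag_nested_zip_attachments(raw_message: bytes) -> list:
    """List (filename, depth) for attachments that are a ZIP inside a ZIP."""
    msg = message_from_bytes(raw_message, policy=policy.default)
    findings = []
    for part in msg.iter_attachments():
        depth = zip_nesting_depth(part.get_payload(decode=True) or b"")
        if depth >= 2:
            findings.append((part.get_filename() or "<unnamed>", depth))
    return findings

def zip_bytes(name: str, content: bytes) -> bytes:
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        zf.writestr(name, content)
    return buf.getvalue()

def build_sample_message() -> bytes:
    """Constructed, harmless sample: one double-zipped and one plain ZIP."""
    msg = EmailMessage()
    msg["From"], msg["To"], msg["Subject"] = "a@example.com", "b@example.com", "sample"
    msg.set_content("See attached.")
    inner = zip_bytes("note.txt", b"harmless placeholder")
    msg.add_attachment(zip_bytes("inner.zip", inner), maintype="application", subtype="zip", filename="double.zip")
    msg.add_attachment(inner, maintype="application", subtype="zip", filename="single.zip")
    return msg.as_bytes()
```

Calling `flag_nested_zip_attachments(build_sample_message())` reports only `double.zip`; legitimate mail rarely nests archives, so a gateway can quarantine such hits for review rather than deliver them.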

If you receive an email that you are not expecting, or from a source you are unsure about:

- Do not open the email
- Do not open the attachment
- Do not open the file inside of the attachment
- Delete it immediately

Request our free Anti-Malware guide that contains simple, useful steps that your staff can follow in order to avoid most common cyber threats and quick solutions on what to do once infected.

If you need help or any advice on cyber security, please get in touch, as we can help you not only prepare for cyber-attacks but also avoid them.